Data breach compromised info of 1M-plus who sought benefits

  • By Gene Johnson The Associated Press
  • Wednesday, February 3, 2021 1:30am
  • News

By Gene Johnson

The Associated Press

SEATTLE — A Washington agency examining how the state fell victim to massive unemployment fraud last year said that files on 1.6 million claims that it obtained for its investigation have been exposed by a data breach — meaning people who already lost work due to the pandemic might have to add identity theft to their difficulties.

The breach involved a third-party software vendor, Accellion, which the state Auditor’s Office uses to transmit files.

The auditor has been looking into how Washington’s Employment Security Department lost hundreds of millions of dollars to fraudsters, including a Nigerian crime ring, which rushed to cash in on sweetened pandemic-related benefits by filing fake unemployment claims in the names of real state residents.

“I know this is one more worry for Washingtonians who have already faced unemployment in a year scarred by both job loss and a pandemic,” Auditor Pat McCarthy said in a news release Monday.

“I am sorry to share this news and add to their burdens.”

During a news conference later in the day, she called it “ironic” that files the agency obtained from the Employment Security Department to investigate the fraud would be subject to a breach, possibly opening victims to more fraud. Those potentially affected include people who filed for unemployment benefits between Jan. 1 and Dec. 10, 2020. That includes many state workers as well as people who had fake unemployment claims submitted on their behalf.

It’s not clear how many people are affected because some would have filed multiple unemployment claims, but McCarthy said she believes it to be at least 1 million people — close to one in seven Washington residents.

The data includes names, Social Security numbers, driver’s license numbers, bank information and place of employment. The Auditor’s Office says it is working with state cybersecurity officials, law enforcement and others to try to mitigate the damage.

Also potentially affected was personal information held by the Department of Children, Youth and Families, and non-personal financial and other data from about 100 local governments and 25 other state agencies.

In a statement Monday, Palo Alto, Calif.-based Accellion called the attack “highly sophisticated” and said it targeted the company’s legacy secure file-transmitting software, a 20-year-old product called FTA. The Auditor’s Office said it had nearly completed transitioning from that product to the company’s new one at the end of the year when the breach occurred; since Dec. 31, the auditor’s office has been on the new system. Other Accellion customers were also affected, including Australia’s securities regulator and New Zealand’s central bank.

McCarthy said the state learned of the attack Jan. 12, after Accellion made a general announcement regarding a security breach, but Accellion said it notified customers Dec. 23.

It wasn’t until last week that the Auditor’s Office learned what files might have been accessed, McCarthy said.

The Auditor’s Office said it has used Accellion for the past 13 years, on a contract worth about $17,000 annually.

More in News

Olympic Medical Center tells its reasons behind long ER waits

Staffing, transfer delays among several issues

Mark Morey is pictured in 2019 on City Pier in Port Angeles. (Paul Gottlieb)
Honorary degree, scholarship memorials to former PDN reporter

Mark Morey, who died Sunday, an award-winning journalist

Security exercise scheduled

Navy Region Northwest has announced that its bases will participate… Continue reading

Strange Brew Festival returns to Port Townsend

Two days of beer, music and crafts

Matthew Nash/Olympic Peninsula News Group 

As part of the construction plan to build and move a new Hurd Creek Hatchery, crews will remove and fill in a large fish pond. Demolition must wait for the new, nearby facility to be complete, according to state documents.
Hurd Creek hatchery to be moved from floodplain

Construction expected through summer 2024

US loan funding meters, upgrades

Jefferson PUD plans replacement by ’24

Mobile showers may not be coming to Sequim

Staff says cost would be expensive and could create additional issues

Sewing day for quilt program

Quilts of Valor will host its annual sew day from… Continue reading

Captain/EMT Tyler Gear, at top, and Firefighter/Paramedic Margie Brueckner, bottom, train on Clallam 2’s new stair chair by lowering Recruit Theo Saxe down a flight of stairs.
Stair chair bought with grant funds

Clallam 2 Fire-Rescue has received a new stair chair… Continue reading

Most Read